Performing Pairing And Authentication Using Motion Information
    72.
    发明申请
    Performing Pairing And Authentication Using Motion Information 审中-公开
    使用运动信息执行配对和认证

    公开(公告)号:US20160088474A1

    公开(公告)日:2016-03-24

    申请号:US14493613

    申请日:2014-09-23

    IPC分类号: H04W12/06 H04W74/00

    摘要: In one embodiment, a security logic of first portable device is configured to receive first motion sample information from at least one motion sensor of the first portable device and second motion sample information from at least one motion sensor of a second portable device, the first and second motion sample information obtained responsive to training movement of the first and second portable devices by a first user. Based on the motion sample information, the security logic is configured to generate a device pairing value, generate a first confidence value based on the first motion sample information and first reference motion sample information stored in the first portable device corresponding to reference movement of the first portable device by the first user, generate a relationship key pair for a relationship, and communicate the first confidence value and a public key of the relationship key pair to the second portable device using the device pairing value. Other embodiments are described and claimed.

    摘要翻译: 在一个实施例中,第一便携式设备的安全逻辑被配置为从第一便携式设备的至少一个运动传感器接收第一运动样本信息和来自第二便携式设备的至少一个运动传感器的第二运动样本信息,第一和第 响应于第一用户对第一和第二便携式设备的训练动作获得的第二运动样本信息。 基于运动样本信息,安全逻辑被配置为生成设备配对值,基于第一运动样本信息和存储在第一便携式设备中的与第一运动样本信息的参考运动相对应的第一参考运动样本信息生成第一置信度值 生成用于关系的关系密钥对,并且使用设备配对值将关系密钥对的第一置信度值和公开密钥传送到第二便携式设备。 描述和要求保护其他实施例。

    TECHNIQUES AND ARCHITECTURE FOR ANONYMIZING USER DATA
    73.
    发明申请
    TECHNIQUES AND ARCHITECTURE FOR ANONYMIZING USER DATA 有权
    用于匿名用户数据的技术和架构

    公开(公告)号:US20160012252A1

    公开(公告)日:2016-01-14

    申请号:US14369268

    申请日:2013-12-23

    摘要: An apparatus may include an interface to receive a multiplicity of user information samples at a respective multiplicity of instances; a processor circuit, and an entropy multiplexer for execution on the processor circuit to generate a pseudo random number based upon a pseudo random number seed and pseudo random number algorithm for each user information sample of the multiplicity of user information samples. Other embodiments are described and claimed.

    摘要翻译: 一种装置可以包括在相应多个实例处接收多个用户信息样本的接口; 处理器电路和熵多路复用器,用于在处理器电路上执行以基于用于多个用户信息样本的每个用户信息样本的伪随机数种子和伪随机数算法来生成伪随机数。 描述和要求保护其他实施例。

    Systems and Methods to Facilitate Multi-Factor Authentication Policy Enforcement Using One or More Policy Handlers
    74.
    发明申请
    Systems and Methods to Facilitate Multi-Factor Authentication Policy Enforcement Using One or More Policy Handlers 审中-公开
    使用一个或多个策略处理程序来促进多因素身份验证策略执行的系统和方法

    公开(公告)号:US20150281279A1

    公开(公告)日:2015-10-01

    申请号:US14229200

    申请日:2014-03-28

    IPC分类号: H04L29/06

    摘要: Methods, apparatus, systems and articles of manufacture are disclosed to facilitate multi-factor authentication policy enforcement using one or more policy handlers. An example first policy handler to manage a global policy in a distributed environment includes a parser to identify a first sub-policy of the global policy that is capable of enforcement by the first policy handler, and an attester to sign the first sub-policy. The example first policy handler further includes a director to determine whether to forward the global policy to a second policy handler based on a signature status of the global policy, and to forward the global policy to the second policy handler when the signature status of the global policy is indicative of an unsigned second sub-policy.

    摘要翻译: 公开了方法,装置,系统和制品,以促进使用一个或多个策略处理程序的多因素认证策略实施。 用于在分布式环境中管理全局策略的示例性的第一策略处理器包括用于识别能够被第一策略处理程序强制执行的全局策略的第一子策略的解析器,以及用于签署第一子策略的请求者。 示例性的第一策略处理器还包括一个导向器,用于基于全局策略的签名状态来确定是否将全局策略转发到第二策略处理器,并且当全局策略处理器的签名状态 政策表明了无符号的第二个次级政策。

    METHOD, APPARATUS AND SYSTEM FOR PROVIDING TRANSACTION INDEMNIFICATION
    75.
    发明申请
    METHOD, APPARATUS AND SYSTEM FOR PROVIDING TRANSACTION INDEMNIFICATION 审中-公开
    提供交易赔偿的方法,装置和系统

    公开(公告)号:US20150220927A1

    公开(公告)日:2015-08-06

    申请号:US14129543

    申请日:2013-09-25

    IPC分类号: G06Q20/40 H04L29/08

    摘要: Techniques and mechanisms to provide indemnification for a transaction involving communications between networked devices. In an embodiment, attestation logic of a first device sends to a second device attestation information to indicate a trustworthiness level of first device. Based on the attestation information, indemnification logic of the second device determines an indemnification value representing a cost of an indemnification for a first transaction. Indemnification logic of the first device receives the indemnification value and determines, based on the indemnification value, whether a participation in the transaction is to take place.

    摘要翻译: 为涉及网络设备之间通信的交易提供赔偿的技术和机制。 在一个实施例中,第一设备的认证逻辑发送到第二设备认证信息以指示第一设备的可信赖级别。 基于认证信息,第二设备的赔偿逻辑确定代表第一交易的赔偿成本的赔偿价值。 第一设备的赔偿逻辑接收赔偿价值,并根据赔偿价值确定是否要进行交易。

    TECHNOLOGIES FOR SYNCHRONIZING AND RESTORING REFERENCE TEMPLATES
    76.
    发明申请
    TECHNOLOGIES FOR SYNCHRONIZING AND RESTORING REFERENCE TEMPLATES 有权
    技术用于同步和恢复参考模板

    公开(公告)号:US20150082024A1

    公开(公告)日:2015-03-19

    申请号:US14128040

    申请日:2013-09-19

    申请人: Ned M. Smith

    发明人: Ned M. Smith

    IPC分类号: H04L29/06 H04L9/08 H04L29/08

    摘要: Generally, this disclosure describes technologies for restoring and/or synchronizing templates such as biometric templates to/among one or more client devices. In some embodiments one or more client devices may register with a synchronization server and provide encrypted copies of their reference templates to the server. In a restoration operation, the synchronization server may provide an encrypted copy of a client's reference template(s) to the client, which may decrypt them in a protected environment. In a synchronization operation, the synchronization server may provide encrypted copy of a first client's template(s) to a plurality of second clients. The second clients may then decrypt the encrypted template(s) within a protected environment using an appropriate decryption key.

    摘要翻译: 通常,本公开描述了用于在/在一个或多个客户端设备之间恢复和/或同步诸如生物测定模板的模板的技术。 在一些实施例中,一个或多个客户端设备可以向同步服务器注册,并将其引用模板的加密副本提供给服务器。 在恢复操作中,同步服务器可以向客户端提供客户端参考模板的加密副本,这可以在受保护的环境中解密它们。 在同步操作中,同步服务器可以向多个第二客户端提供第一客户端模板的加密副本。 然后,第二客户端可以使用适当的解密密钥来解密受保护环境中的加密模板。

    Method, apparatus and system for controlling access to computer platform resources
    77.
    发明授权
    Method, apparatus and system for controlling access to computer platform resources 有权
    用于控制对计算机平台资源的访问的方法,装置和系统

    公开(公告)号:US08966600B2

    公开(公告)日:2015-02-24

    申请号:US12976942

    申请日:2010-12-22

    IPC分类号: H04L29/00 H04L9/32

    摘要: A manageability engine, and/or operations thereof, for controlling access to one or more resources of a computer device. In an embodiment, the manageability engine executes an authentication agent to perform authentication of a local user of a computer platform which includes the manageability engine. In another embodiment, the manageability engine includes a device driver to control an input/output device for the local user to exchange an authentication factor via a trusted path between the input/output device and the manageability engine.

    摘要翻译: 一种可管理性引擎和/或其操作,用于控制对计算机设备的一个或多个资源的访问。 在一个实施例中,可管理性引擎执行认证代理以执行包括可管理引擎的计算机平台的本地用户的认证。 在另一个实施例中,可管理性引擎包括设备驱动程序,用于控制本地用户的输入/输出设备,以通过输入/输出设备和可管理性引擎之间的信任路径来交换认证因素。

    DEVICE, METHOD, AND SYSTEM FOR SECURE TRUST ANCHOR PROVISIONING AND PROTECTION USING TAMPER-RESISTANT HARDWARE
    79.
    发明申请
    DEVICE, METHOD, AND SYSTEM FOR SECURE TRUST ANCHOR PROVISIONING AND PROTECTION USING TAMPER-RESISTANT HARDWARE 有权
    使用防潮硬件安全信赖锚定器和保护的装置,方法和系统

    公开(公告)号:US20140095867A1

    公开(公告)日:2014-04-03

    申请号:US13631562

    申请日:2012-09-28

    摘要: A method and device for securely provisioning trust anchors includes generating a database wrapper key as a function of computing device hardware. The database wrapper key encrypts a key database when it is not in use by a trusted execution environment and may be generated using a Physical Unclonable Function (PUF). A local computing device establishes a secure connection and security protocols with a remote computing device. In establishing the secure connection, the local computing device and remote computing device may exchange and/or authenticate cryptographic keys, including Enhanced Privacy Identification (EPID) keys, and establish a session key and device identifier(s). One or more trust anchors are then provisioned depending on whether unilateral, bilateral, or multilateral trust is established. The local computing device may act as a group or domain controller in establishing multilateral trust. Any of the devices may also require user presence to be verified.

    摘要翻译: 用于安全地配置信任锚的方法和设备包括生成作为计算设备硬件的函数的数据库包装密钥。 数据库包装器密钥在密钥数据库不被可信执行环境使用时加密,并且可以使用物理不可克隆功能(PUF)生成密钥数据库。 本地计算设备与远程计算设备建立安全连接和安全协议。 在建立安全连接时,本地计算设备和远程计算设备可以交换和/或验证密码密钥,包括增强型隐私标识(EPID)密钥,并建立会话密钥和设备标识符。 根据单方面,双边或多边信托是否建立了一个或多个信托基金。 本地计算设备可以充当组或域控制器来建立多边信任。 任何设备也可能要求验证用户存在。

    Controlling a network connection using dual-switching
    80.
    发明授权
    Controlling a network connection using dual-switching 有权
    使用双重切换控制网络连接

    公开(公告)号:US08661521B2

    公开(公告)日:2014-02-25

    申请号:US11216429

    申请日:2005-08-30

    IPC分类号: H04L29/06

    CPC分类号: H04L63/029 H04L63/08

    摘要: Embodiments of the invention are generally directed to systems, methods, and apparatuses for controlling a network connection based, at least in part, on dual-switching. In an embodiment, a tunnel proxy is coupled with a host execution environment. The tunnel proxy includes logic to provide a security protocol client and logic to provide a security protocol server. In one embodiment, the tunnel proxy provides a proxy for a policy decision point to the host execution environment. Other embodiments are described and claimed.

    摘要翻译: 本发明的实施例一般涉及至少部分地基于双重切换来控制网络连接的系统,方法和装置。 在一个实施例中,隧道代理与主机执行环境耦合。 隧道代理包括提供安全协议客户端和逻辑以提供安全协议服务器的逻辑。 在一个实施例中,隧道代理为主机执行环境提供用于策略决策点的代理。 描述和要求保护其他实施例。